Appearance
API tokens
Open Settings → Tokens to create and manage Dr.Gero API tokens.
Creating a token
A token has:
- Name: a human-readable label.
- Expiration: no expiration, 1 hour, 1 day, 7 days, 30 days, 90 days, 180 days, or 1 year.
- Credit limit: optional dollar limit for token usage.
- Reset interval: none, daily, weekly, or monthly.
- Scopes: permissions that control what the token can do.
The token secret is shown once and starts with drgero_.
Recommended scopes
| Use case | Scopes |
|---|---|
| Call inference only | leaderboards:inference |
| Read traces | leaderboards:read |
| Push dataset rows | leaderboards:write |
| Create/update leaderboards | leaderboards:read, leaderboards:write |
| Run evaluations | leaderboards:run |
| Manage models | models:read, models:write |
| Run fine-tuning | models:fine-tune |
| Full automation | * or category wildcards such as leaderboards:*, models:* |
An empty scope array may be treated by the backend as backward-compatible full access. Prefer explicit scopes for production.
Token budgets
The runtime inference endpoint returns token budget headers when a budget is attached:
http
X-Dr.Gero-Token-Budget-Limit-Usd: 25.00
X-Dr.Gero-Token-Budget-Remaining-Usd: 19.42
X-Dr.Gero-Token-Budget-Used-Usd: 5.58
X-Dr.Gero-Token-Budget-Reset-At: 2026-07-01T00:00:00.000ZFree plan tokens may be capped to a low monthly inference budget. If a budget is exceeded, calls return an error instead of silently running.
Revoking or deleting tokens
Use Revoke to immediately disable a token. Use Delete to remove token records you no longer need.
Security guidance
- Store tokens in server-side secret managers.
- Do not embed
drgero_tokens in frontend applications. - Create separate tokens per service or environment.
- Use a budget and expiration for CI, demos, or third-party integrations.